2 * Utility routines for packet capture
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
40 #ifdef HAVE_SYS_TYPES_H
41 # include <sys/types.h>
44 #ifdef HAVE_SYS_SOCKET_H
45 #include <sys/socket.h>
51 #include "capture-pcap-util.h"
52 #include "capture-pcap-util-int.h"
55 #include <netinet/in.h>
60 * Get the data-link type for a libpcap device.
61 * This works around AIX 5.x's non-standard and incompatible-with-the-
62 * rest-of-the-universe libpcap.
65 get_pcap_linktype(pcap_t *pch, const char *devname
73 const char *ifacename;
76 linktype = pcap_datalink(pch);
80 * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
81 * rather than DLT_ values for link-layer types; the ifType values
82 * for LAN devices are:
89 * and the ifType value for a loopback device is 24.
91 * The AIX names for LAN devices begin with:
98 * and the AIX names for loopback devices begin with "lo".
100 * (The difference between "Ethernet" and "802.3" is presumably
101 * whether packets have an Ethernet header, with a packet type,
102 * or an 802.3 header, with a packet length, followed by an 802.2
103 * header and possibly a SNAP header.)
105 * If the device name matches "linktype" interpreted as an ifType
106 * value, rather than as a DLT_ value, we will assume this is AIX's
107 * non-standard, incompatible libpcap, rather than a standard libpcap,
108 * and will map the link-layer type to the standard DLT_ value for
109 * that link-layer type, as that's what the rest of Wireshark expects.
111 * (This means the capture files won't be readable by a tcpdump
112 * linked with AIX's non-standard libpcap, but so it goes. They
113 * *will* be readable by standard versions of tcpdump, Wireshark,
116 * XXX - if we conclude we're using AIX libpcap, should we also
117 * set a flag to cause us to assume the time stamps are in
118 * seconds-and-nanoseconds form, and to convert them to
119 * seconds-and-microseconds form before processing them and
124 * Find the last component of the device name, which is the
127 ifacename = strchr(devname, '/');
128 if (ifacename == NULL)
131 /* See if it matches any of the LAN device names. */
132 if (strncmp(ifacename, "en", 2) == 0) {
135 * That's the RFC 1573 value for Ethernet; map it
140 } else if (strncmp(ifacename, "et", 2) == 0) {
143 * That's the RFC 1573 value for 802.3; map it to
145 * (libpcap, tcpdump, Wireshark, etc. don't care if
146 * it's Ethernet or 802.3.)
150 } else if (strncmp(ifacename, "tr", 2) == 0) {
153 * That's the RFC 1573 value for 802.5 (Token Ring);
154 * map it to DLT_IEEE802, which is what's used for
159 } else if (strncmp(ifacename, "fi", 2) == 0) {
160 if (linktype == 15) {
162 * That's the RFC 1573 value for FDDI; map it to
167 } else if (strncmp(ifacename, "lo", 2) == 0) {
168 if (linktype == 24) {
170 * That's the RFC 1573 value for "software loopback"
171 * devices; map it to DLT_NULL, which is what's used
172 * for loopback devices on BSD.
183 if_info_new(char *name, char *description)
187 if_info = g_malloc(sizeof (if_info_t));
188 if_info->name = g_strdup(name);
189 if (description == NULL)
190 if_info->description = NULL;
192 if_info->description = g_strdup(description);
193 if_info->ip_addr = NULL;
194 if_info->loopback = FALSE;
199 if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
202 struct sockaddr_in *ai;
204 struct sockaddr_in6 *ai6;
207 switch (addr->sa_family) {
210 ai = (struct sockaddr_in *)addr;
211 ip_addr = g_malloc(sizeof(*ip_addr));
212 ip_addr->type = AT_IPv4;
213 ip_addr->ip_addr.ip4_addr =
214 *((guint32 *)&(ai->sin_addr.s_addr));
215 if_info->ip_addr = g_slist_append(if_info->ip_addr, ip_addr);
220 ai6 = (struct sockaddr_in6 *)addr;
221 ip_addr = g_malloc(sizeof(*ip_addr));
222 ip_addr->type = AT_IPv6;
223 memcpy((void *)&ip_addr->ip_addr.ip6_addr,
224 (void *)&ai6->sin6_addr.s6_addr,
225 sizeof ip_addr->ip_addr.ip6_addr);
226 if_info->ip_addr = g_slist_append(if_info->ip_addr, ip_addr);
232 #ifdef HAVE_PCAP_FINDALLDEVS
234 * Get all IP address information, and the loopback flag, for the given
238 if_info_ip(if_info_t *if_info, pcap_if_t *d)
243 if_info->loopback = (d->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE;
246 for (a = d->addresses; a != NULL; a = a->next) {
248 if_info_add_address(if_info, a->addr);
252 #ifdef HAVE_PCAP_REMOTE
254 get_interface_list_findalldevs_ex(const char *source,
255 struct pcap_rmtauth *auth,
256 int *err, char **err_str)
259 pcap_if_t *alldevs, *dev;
261 char errbuf[PCAP_ERRBUF_SIZE];
263 if (pcap_findalldevs_ex((char *)source, auth, &alldevs, errbuf) == -1) {
264 *err = CANT_GET_INTERFACE_LIST;
266 *err_str = cant_get_if_list_error_message(errbuf);
270 if (alldevs == NULL) {
272 * No interfaces found.
274 *err = NO_INTERFACES_FOUND;
280 for (dev = alldevs; dev != NULL; dev = dev->next) {
281 if_info = if_info_new(dev->name, dev->description);
282 il = g_list_append(il, if_info);
283 if_info_ip(if_info, dev);
285 pcap_freealldevs(alldevs);
292 get_interface_list_findalldevs(int *err, char **err_str)
295 pcap_if_t *alldevs, *dev;
297 char errbuf[PCAP_ERRBUF_SIZE];
299 if (pcap_findalldevs(&alldevs, errbuf) == -1) {
300 *err = CANT_GET_INTERFACE_LIST;
302 *err_str = cant_get_if_list_error_message(errbuf);
306 if (alldevs == NULL) {
308 * No interfaces found.
310 *err = NO_INTERFACES_FOUND;
316 for (dev = alldevs; dev != NULL; dev = dev->next) {
317 if_info = if_info_new(dev->name, dev->description);
318 il = g_list_append(il, if_info);
319 if_info_ip(if_info, dev);
321 pcap_freealldevs(alldevs);
325 #endif /* HAVE_PCAP_FINDALLDEVS */
328 free_if_info_addr_cb(gpointer addr, gpointer user_data _U_)
334 free_if_cb(gpointer data, gpointer user_data _U_)
336 if_info_t *if_info = data;
338 g_free(if_info->name);
339 g_free(if_info->description);
341 g_slist_foreach(if_info->ip_addr, free_if_info_addr_cb, NULL);
342 g_slist_free(if_info->ip_addr);
347 free_interface_list(GList *if_list)
349 g_list_foreach(if_list, free_if_cb, NULL);
350 g_list_free(if_list);
353 #if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
356 const char *description;
360 #define DLT_CHOICE(code, description) { #code, description, code }
361 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
363 static struct dlt_choice dlt_choices[] = {
364 DLT_CHOICE(DLT_NULL, "BSD loopback"),
365 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
366 DLT_CHOICE(DLT_IEEE802, "Token ring"),
367 DLT_CHOICE(DLT_ARCNET, "ARCNET"),
368 DLT_CHOICE(DLT_SLIP, "SLIP"),
369 DLT_CHOICE(DLT_PPP, "PPP"),
370 DLT_CHOICE(DLT_FDDI, "FDDI"),
371 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
372 DLT_CHOICE(DLT_RAW, "Raw IP"),
373 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
374 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
375 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
376 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
377 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
378 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
379 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
380 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
381 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
382 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
383 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
384 DLT_CHOICE(DLT_LTALK, "Localtalk"),
385 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
386 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
387 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
388 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
389 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus BSD radio information header"),
390 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
391 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
392 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
393 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
397 #if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL)
399 pcap_datalink_name_to_val(const char *name)
403 for (i = 0; dlt_choices[i].name != NULL; i++) {
404 if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
406 return (dlt_choices[i].dlt);
410 #endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) */
412 #if !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME)
414 pcap_datalink_val_to_name(int dlt)
418 for (i = 0; dlt_choices[i].name != NULL; i++) {
419 if (dlt_choices[i].dlt == dlt)
420 return (dlt_choices[i].name + sizeof("DLT_") - 1);
424 #endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) */
426 #if !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
428 pcap_datalink_val_to_description(int dlt)
432 for (i = 0; dlt_choices[i].name != NULL; i++) {
433 if (dlt_choices[i].dlt == dlt)
434 return (dlt_choices[i].description);
438 #endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
440 #endif /* !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
443 * Get the data-link types available for a libpcap device.
445 static data_link_info_t *
446 create_data_link_info(int dlt)
448 data_link_info_t *data_link_info;
451 data_link_info = g_malloc(sizeof (data_link_info_t));
452 data_link_info->dlt = dlt;
453 text = pcap_datalink_val_to_name(dlt);
455 data_link_info->name = g_strdup(text);
457 data_link_info->name = g_strdup_printf("DLT %d", dlt);
458 text = pcap_datalink_val_to_description(dlt);
460 data_link_info->description = g_strdup(text);
462 data_link_info->description = NULL;
463 return data_link_info;
467 get_pcap_linktype_list(const char *devname, char **err_str)
469 GList *linktype_list = NULL;
472 char errbuf[PCAP_ERRBUF_SIZE];
473 #ifdef HAVE_PCAP_LIST_DATALINKS
477 data_link_info_t *data_link_info;
479 #ifdef HAVE_PCAP_OPEN
480 pch = pcap_open(devname, MIN_PACKET_SIZE, 0, 0, NULL, errbuf);
482 pch = pcap_open_live(devname, MIN_PACKET_SIZE, 0, 0, errbuf);
486 *err_str = g_strdup(errbuf);
489 deflt = get_pcap_linktype(pch, devname);
490 #ifdef HAVE_PCAP_LIST_DATALINKS
491 nlt = pcap_list_datalinks(pch, &linktypes);
492 if (nlt == 0 || linktypes == NULL) {
495 *err_str = NULL; /* an empty list doesn't mean an error */
498 for (i = 0; i < nlt; i++) {
499 data_link_info = create_data_link_info(linktypes[i]);
502 * XXX - for 802.11, make the most detailed 802.11
503 * version the default, rather than the one the
504 * device has as the default?
506 if (linktypes[i] == deflt)
507 linktype_list = g_list_prepend(linktype_list,
510 linktype_list = g_list_append(linktype_list,
513 #ifdef HAVE_PCAP_FREE_DATALINKS
514 pcap_free_datalinks(linktypes);
517 * In Windows, there's no guarantee that if you have a library
518 * built with one version of the MSVC++ run-time library, and
519 * it returns a pointer to allocated data, you can free that
520 * data from a program linked with another version of the
521 * MSVC++ run-time library.
523 * This is not an issue on UN*X.
525 * See the mail threads starting at
527 * http://www.winpcap.org/pipermail/winpcap-users/2006-September/001421.html
531 * http://www.winpcap.org/pipermail/winpcap-users/2008-May/002498.html
534 #define xx_free free /* hack so checkAPIs doesn't complain */
537 #endif /* HAVE_PCAP_FREE_DATALINKS */
538 #else /* HAVE_PCAP_LIST_DATALINKS */
539 data_link_info = create_data_link_info(deflt);
540 linktype_list = g_list_append(linktype_list, data_link_info);
541 #endif /* HAVE_PCAP_LIST_DATALINKS */
544 return linktype_list;
548 free_linktype_cb(gpointer data, gpointer user_data _U_)
550 data_link_info_t *linktype_info = data;
552 g_free(linktype_info->name);
553 g_free(linktype_info->description);
557 free_pcap_linktype_list(GList *linktype_list)
559 g_list_foreach(linktype_list, free_linktype_cb, NULL);
560 g_list_free(linktype_list);
563 /* Set the data link type on a pcap. */
565 set_pcap_linktype(pcap_t *pch, char *devname
566 #ifdef HAVE_PCAP_SET_DATALINK
571 #ifdef HAVE_PCAP_SET_DATALINK
572 if (pcap_set_datalink(pch, dlt) == 0)
573 return NULL; /* no error */
574 return pcap_geterr(pch);
576 /* Let them set it to the type it is; reject any other request. */
577 if (get_pcap_linktype(pch, devname) == dlt)
578 return NULL; /* no error */
579 return "That DLT isn't one of the DLTs supported by this device";
584 linktype_val_to_name(int dlt)
586 return pcap_datalink_val_to_name(dlt);
589 int linktype_name_to_val(const char *linktype)
591 return pcap_datalink_name_to_val(linktype);
594 #endif /* HAVE_LIBPCAP */